Steven Hatch, Cox Automotive | Splunk .conf18

Steven Hatch, Cox Automotive | Splunk .conf18


>>Voiceover: Live from
Orlando, Florida, it’s theCUBE. Covering .conf18,
brought to you by Splunk.>>Welcome back to Orlando
everybody, home of Disney World, and this week, home of theCUBE. I’m Dave Vellante and he’s Stu Miniman. Steven Hatch is here, he’s the manager of Enterprise Logging
Services at Cox Automotive. Steven, thanks for coming on theCUBE.>>Thank you.>>So, you’ve been with
Splunk for a while, we’re here at conf18. Logging services,
enterprise logging services. When you think of Splunk, their roots, Splunk go back to, sort of, log files, analyzing log files, it’s in your title. (laughs) You must be pretty intimately tied to, as a practitioner, to this capability, but talk about your role
and what you do at Cox.>>Primarily, the role
is to be the evangelist, the enabler, and the center of excellence when it comes down to
getting those best practices propergated within the enterprise.>>So people come to
you for advice, council, you play, sort of, internal consultant. What qualified you to do that? You were a practitioner prior to this, so you got your hands
dirty and you kind of now, elevated to–>>My prior role was a Site Operations, or Site Reliability
Engineer, and then Manager. And so, having that background,
I’ve been in IT since ’96, so I’m a little old in the game, but basically, having that
operational knowledge, and knowing how to think
big picture when things are happening or
transpiring, or the reverse and go back and find
that root cause analysis.>>’96, just a pup, my friend, okay? (both laugh) So, talking to Stu, we
were talking off camera, about the number of brands
that Cox Automotive has, Cox at Kelley Blue Book and at
numerous others, like dozens, each of these is kind
of it’s own data silo. How do you guys go about using Splunk? Are you able to break
down some of those silos? Maybe you could share that with us.>>Yeah, so we have been
successful on a lot of the big three really, at
Kelley Blue Book, Manheim, as well as Auto Trader,
to really break in. A lot of that was because
of our, already previous, relationships with team
members and leaders. On the other side of the coin is the newly acquired companies that
are not in Atlanta, Georgia. That are in places like
Groton, Connecticut, South Jordan, Utah, Upstate New York, as well as the Toronto area in Canada. And so, WebEx joined me,
email just won’t cut it. You actually have to sit
down with these people and really showcase your
business case, your model, and what you’re trying
to bring to the table. But of course, the approach
is always important.>>And are you using Splunk to do that? As a collaboration tool as well?>>Yes sir, yep.>>Explain that a little bit if you would.>>So, a lot of times, as you mentioned, the silos, as a bigger brand now, it’s no longer an excuse for
you to only be responsible for your data and not showcase
it, or share that data. Because we’re thinking
about the entire life-cycle of Cox Automotive, and this
entity of Cox Automotive, that’s important to us now. So for you to hold tight,
or to hoard your data, or your metrics and not share them, that’s not good business anymore.>>Yeah, so Steven, we
talked to a lot of companies that do M&A, and it’s usually like, well, this is the products we use, these are the structures that we have. One of the things we hear from Splunk is that you can get to your data, your way. How does the Splunk modeling, and how you look at the data, fit into that M&A? Is that an enabler for you
to be able to get that in.>>Yeah, and so, when you
can showcase the ability of how the data comes in and, quickly. Key word, right? To showcase how that data
can be very valuable to them, especially to their stakeholders, that’s when light bolts will go off. And, again, it’s the
stakeholders, and then champions, that we need to bring to the table to make sure that we
can get full adoption.>>Yeah, we’ve also– Dave’s
been to the show a few times, it’s my first time, and what
I’ve really heard a bunch of is the people that know how to use Splunk, they’re super valuable
inside of the company. They get training, people
inside the company, they look to get hired,
tell us a little about what you’ve seen, what
it means to your role inside the company, and as you
network with your peers here.>>It’s a lot of exposure. A lot of people are very
anxious to get some type of insights into their world,
their infrastructure, their applications, their business tools. A lot of times, there are people out there that are very savvy from
a business perspective, that have a bunch of KPIs in their head, but no one has actually extracted that information from them, and so, our job is to align with their KPIs. You know, over the last couple of years, that’s what we’ve– the
journey that we’ve been on, is to now revisit the data
that we’ve just ingested. That’s the basic foundation. We want to elevate now and
really get more mature, and to align with those business KPIs.>>Meaning they got this
tribal knowledge in their head, and you want to codify that
so that it can be shared.>>Correct.>>How do you go about doing that? Is it sitting in a whiteboard
and understanding that?>>It can be a whiteboard,
it can be over a coffee. If I need to get on a plane
and go see them in person, and to really just listen
and ask the questions when it’s time but, again, listen and really understand
what’s important to them, what is important to their business, to their function, to their silos? Cox Automotive has five,
of what we call, pillars, where there’s international,
finance, marketing, retail, or media, and
each one of those owners, over time, wants the specific value.>>So if you go and have
a chalkboard session, whiteboard session,
with one of these folks, how do you operationalize it? You got to figure out
where the data exists, so that you can align
with what’s in their head? Is that right? And then, how do you do that?
How do you scale it?>>Well, so, again, you
have to start from the top. If you start from the bottom, you’ll be in the weeds
until the end of time. So that the more efficient
manner is to start from the top and realize those KPIs from those leaders, those stakeholders, and then from there, a tool like ITSI, which
is basically built around services, entities, and aligning to their service decomposition model, and that right there allows
you to stay consistent and efficient on getting that information.>>So you start top down, but ultimately, people are going to want granularity. So you start– is it top down,
bottom up, type of approach? Where you actually drill,
drill, drill, drill, drill, and then get to the point where you can answer all those granule questions? And then, by doing that, if
I understand it correctly, it sums to the top line, is that fair?>>Yeah, yeah, there’s a point in time where you say, you know what? I could really now enhance
or enrichen the data by a dataset that I know where it is. So the keypal will get
you to a certain point, and then, to find that happy medium, or that common denominator from the data that you already have on premise, or from your apps, wherever they reside, that’s where you can meet the gap.>>Otherwise you’re never get it done. You’ll end up boiling the ocean.>>Steven: That’s correct, yes sir.>>All right, so, when we
talked to you two years ago, you were using Splunk Cloud, you know? And when we talked to practitioners it’s– the things that they’re
managing, a lot of times now, most of it’s not what they own, and so, how do I get
the right information? How do I manage that environment? Talk to us a little bit
about what you’ve seen in the maturation of Splunk and Splunk Cloud, if there’s anything in
7.2, or Splunk Next, that’s exciting you, to help
you do your job even better.>>Oh man, so of course,
the keynote today, the DSP, the processing layer
that’s in front of the Cloud, or in front of the indexes now. Where in real time, I can now route data, specifically from a security standpoint. If there’s some type of event, without having to go
through all the restarts and configuration management
and everything else, I can simply put something
in there, right there, and move the data, or mask the data. The ability with the infrastructure app, that’s exciting to me, as well
as all the feature updates for ITSI, enterprise security,
as well as the Cloud itself.>>Can we do a little
Splunk 101 for my benefit? So I heard today, from
one of the product folks, that it used to be when
you added another indexer, you had to add storage and
compute simultaneously, whether or not you needed the
storage, you had to add it, or vise versa. So an indexer is what, is it,
essentially, a Splunk node?>>No, it can be a,
basically, a Linux host, that actually has the agent running as an indexer with the attached disk.>>Right, okay, and it
used to be you had to buy that in chunks, kind of like HCI, right? And you couldn’t scale storage
independent of compute?>>Steven: That’s correct.>>What that meant is
you were paying for stuff that you might not need.>>Right.>>So, with 7.2, I guess
it is, you can split those and you get more granule, or
what does that mean for you?>>Well, being a, now four
year customer of Splunk Cloud, and anytime we went to the
next version of, or license, the next step up, currently
we’re on about six terabytes. When we go up to eight, that
the entailed more indexes being added to the cluster,
which meant more time for the replication of
search factors to be met, which can take however long, and then, or if there’s any kind of
issue with the indexer, where one had to be pulled out
and another one introduced. How long does that take? Now, with the decoupling of
the compute from the storage, it’s minutes, and so it’s
a fraction of the time.>>And if I understand,
I understood it real well when it’s an appliance, but
it’s the same architecture if it’s done in the
Cloud, is that correct?>>It’s, essentially, actually, it’s a new architecture in my mind, where now it’s able to scale
more, and then there’s– I’m not sure how much
they talked about it, but there’s a potential
of the elasticity of it. And so, now, I don’t have to be so fixed, I can, on certain times,
expand the cluster, you know, for search performance, or bring it back down
when it’s not needed.>>Some of the promise of Cloud.>>Steven: Yes, sir, Splunk Cloud.>>So it’s like the Billy
Dean, the five tool star. You’ve got the cost,
you’ve got availability, you got speed, you got flexibility, and you’ve got business value, ultimately, which is what’s driving here. So, I take it, I’m inferring here, you’d expect to use this
capability in the near future?>>Steven: Very much so.
>>Great. What else is on your horizon? What are the cool stuff you’re working on? And things you want to share with us?>>Well, in addition to
our leveraging Splunk Cloud for four years, next
year we plan to move away from our current sim tool,
into enterprise security. So it’s very exciting to hear that they’re continually updating that product, and so our security team
has been knocking on my door for the last six months to
really get that started. So, once we get there, we’ll
start the migration efforts and get Splunk Cloud now, enabled with the enterprise security, to really
empower our security team, and stay ahead of our threats.>>So, I’ve been around a long time, and, ever since I can remember
being in this business, customers have wanted to
consolidate the number of vendors with whom they work. But the allure of best of
breed always sucks them in to, oh, lets try this, or you get shadow IT. It sounds like, with
Splunk, you’re approaching this as a platform that you
can use for a variety of different use cases.
>>Steven: That is correct.>>Now, whether or not you
reduce the number of vendors is, maybe a separate conversation, but I guess the question I have is, how are you using Splunk in new ways? It sounds like its permutating
a line of business, SecOps, etc, is that an accurate picture? If you could describe it.>>Yeah, so Splunk itself,
the core is the platform for so many different other
functions within the business. You have security, you have
the development group, DevOps, where, from a CICD perspective,
now they can measure the metrics or the latency in between, when they create a car, say in rally, all the way to the very end of the line, what are all those metrics that are there, that they can leverage to
increase their productivity? Obviously, infrastructure. As we consolidate all of
our data centers down, wouldn’t it be nice to know
if these specific low bouncers or switchers are still
having traffic to verse them? And to actually get a depiction
of the consolidation effort. From a virtualization standpoint,
isn’t it powerful to know how many devices E6 hosts are
actually fully being utilized, and how many are actually vacant? And how much money can be
saved if we were actually to turn down those specifics blades or hosts? Or VMs that aren’t being leveraged, but they’re sitting there,
taking up valuable resources.>>I remember when Splunk,
right around the time they went public, I remember
two instances, maybe three. There was a MPP database
company, there was a large three letter firm, and there
was an open-source specialist, and I heard the same
thing from each of them, was we have the Splunk killer, this was like, five, six years ago. It seems like this
Splunk killer was Splunk. And it really never happened.
Why is it? Why is Splunk so effective? You obviously see, you
know, you’re independent, you want to use the best
thing for Cox Automotive. What is it about Splunk
that sets them apart, puts them in the lead?>>The scale capabilities,
having this type of environment with the conferences and the sales group and the support groups, very
intentional about listening. Having workshops where
they come on premise to help us out on our use cases, to really educate their users, because the more their users are elevated from a knowledge standpoint,
the more they will then exercise the application. If they all stay basic, why would I need another
component of Splunk? Why would I need enterprise security? Why would I need to expand my
subscription into the Cloud? The more I can exercise
it, the more I’ll need.>>So this is kind of a give, get. They come in knowing that
if they expose you to other best practices, you’ll
going to be more effective in the use of Splunk
and you might apply it in to other parts of your business.>>My appetite will grow and
my users appetite will grow.>>And these are freebies
that they’re doing? Services freebies, or are
they paid for services?>>Oh yeah, they have
no problem coming in, supplying the necessary
ammunition, or food, to entice, to have folks come in, but it’s powerful to have
all the engineers in there to really show us how things work. ‘Cause, again, it’s a win, win.>>And you’re a football
fan, I understand?>>Steven: Oh, yes, sir.>>Chiefs are your team, right?
>>Steven: That’s correct.>>Were you a football player?
>>For a little while, yes. Now I coach, so that’s my–>>And you coach, what?
>>Little girls.>>Kiddie football, huh, awesome. Is that Pop Warner these days, still?>>I guess you call it that.
>>Flag football or tackle?>>Tackle football
>>Really?>>Yep.
>>Eight years old?>>Yes, my son is eight and he’s
playing full back right now, I’m very excited, happy father.>>Is he a big boy, like his dad?>>He’s going to be bigger, I
think, than his father, yes, sir. (both laugh)>>That’s awesome. Well, listen, thanks very much, Steven, for coming on theCUBE, it’s
really a pleasure meeting you.>>That’s appreciated,
thank you very much. All right, keep it right there everybody. Stu and I will be back
with our next guest. We’re live from Splunk .conf18,
you’re watching theCUBE.

Leave a Reply

Your email address will not be published. Required fields are marked *